Archive for August 22, 2022

Monday, August 22, 2022

Self Service Repair for M1 Mac Notebooks

Apple (Hacker News):

Self Service Repair for MacBook Air and MacBook Pro offers more than a dozen different repair types for each model, including the display, top case with battery, and trackpad, with more to come. Customers who are experienced with the complexities of repairing electronic devices will be able to complete repairs on these Mac notebooks, with access to many of the same parts and tools available to Apple Store locations and Apple Authorized Service Providers.


Apple will offer rental kits for $49, so that customers who do not want to purchase tools for a single repair still have access to these professional repair tools. Customers will have access to the tool kit for one week and it will be shipped free of charge.

This is great to see.

Hartley Charlton:

Apple reaffirmed that the program will expand to additional countries later this year, starting in Europe.

Jason Snell:

The cost of repair parts varies widely. An audio board replacement might cost $12, and speakers $29, while the logic board for a 32-core GPU MacBook Pro with 32GB of memory and a 1TB hard drive would run more than $1900. However, depending on the part, Apple will buy back the broken part and refurbish it for re-use in another repair, making that $1900+ logic board repair cost a little less than $600. (If Apple doesn’t reimburse you for a part, they’ll still accept it and recycle it if you want to send it back to them.)


Update (2022-08-29): Mr. Macintosh:

Customer: I need to replace the battery in my 2021 M1 MBPro. (out of warranty)

Apple Store: We can do that for you. (parts & labor) = $199

Apple Self Service: You can buy the part from us = $527. You can now perform the repair yourself, then send the old part back = $439

Sam Goldheart (MacRumors, Hacker News):

But let’s not compare Apples to Phillips Screws—it’s not 162 pages because Apple has changed where batteries sit in the MacBook Pro. It’s that long because the manual says that to replace the battery, you’ve got to replace the entire top case. At the time of writing, Apple will not sell you a replacement MacBook Pro battery. They sell you a “Top Case with Battery and Keyboard.” And so their guide has you remove literally every component from the top case. The laptop is built on the top case, so to get to it, you’ve got to demanufacture the whole thing.


The Hidden History of Screen Readers

Sheon Han:

Blindness made working as a mechanical engineer difficult. When he consulted Florida’s Division of Blind Services, a counselor told him that computer programming was becoming a popular career for people who are blind.


In 1987, they founded Henter-Joyce and soon released the first version of their screen reader for DOS. They called it JAWS, which stands for Job Access With Speech, but is also a playful reference to another DOS screen reader called Flipper, like the dolphin in an eponymous 1960s TV show.

JAWS was not the only screen reader in the market, but it had original features like the dual cursor — one application cursor for navigating elements on the page and another that could move freely like how our eyes move around the screen. It also had built-in Braille support and a scripting language for users to customize their workflow.


It was only in 2019 that an open-source alternative — NonVisual Desktop Access (NVDA) — finally overtook JAWS in popularity. (JAWS took back its dominant market share in 2020, but just barely).

See also: Upgrade.


Google Account Deleted Due to CSAM False Positive

Kashmir Hill (Hacker News):

With help from the photos, the doctor diagnosed the issue and prescribed antibiotics, which quickly cleared it up. But the episode left Mark with a much larger problem, one that would cost him more than a decade of contacts, emails and photos, and make him the target of a police investigation. Mark, who asked to be identified only by his first name for fear of potential reputational harm, had been caught in an algorithmic net designed to snare people exchanging child sexual abuse material.


Two days after taking the photos of his son, Mark’s phone made a blooping notification noise: His account had been disabled because of “harmful content” that was “a severe violation of Google’s policies and might be illegal.”


A few days after Mark filed the appeal, Google responded that it would not reinstate the account, with no further explanation.


CyberTipline staff members add any new abusive images to the hashed database that is shared with technology companies for scanning purposes. When Mark’s wife learned this, she deleted the photos Mark had taken of their son from her iPhone, for fear Apple might flag her account.

The police determined that no crime had occurred, but Google permanently deleted his account, anyway. Apparently, the police now have the only copy of his data.

I don’t really want to use iCloud Photo Library, but I have it enabled now because Image Capture doesn’t work wirelessly, and recent versions have been buggy. I guess the proper way to take photos for a doctor would be to temporarily turn off iCloud Photo Library or to use a third-party camera app that doesn’t save to the camera roll. But I bet nearly every iPhone user has some photos—be they medical, sexual, or of documents—that they would like to mark as private (not just hidden). They should still be backed up but protected with an extra password or something. I don’t know how to prevent this from being abused to store actual CSAM, though.

Meek Geek:

If you are accused by Google of doing something they don’t like and have your account blocked, there is no easy way to get human support on the other side to review the issue.

Kyle Howells:

One of the things I’ve been doing the last few years is trying to slowly remove Google as a single point of failure in my life.

Spreading out my online life over more companies so no 1 company can ruin my life at the flick of a switch.

There’s no real way to remove Apple if you use an iPhone.


Update (2022-08-26): John Gruber:

To my knowledge, no innocent person has been falsely flagged and investigated like Mark using the NCMEC fingerprint database. It could happen. But I don’t think it has. It seems uncommon for an innocent person like Mark to be flagged and investigated by the second method, but as Hill reports, we have no way of knowing how many like Mark there are who’ve been wrongly flagged, because for obvious reasons they’re unlikely to go public with their stories.


“Avoid uploading to the cloud” is difficult advice for most people to follow. Just about everyone uses their phone as their camera, and most phones from the last decade or so — iPhones and Android alike — upload photos to the cloud automatically. When on Wi-Fi — like almost everyone is at home — the uploads to the cloud are often nearly instantaneous.


The on-device vs. on-server debate is legitimate and worth having. But I think it ought to be far less controversial than Google’s already-in-place system of trying to identify CSAM that isn’t in the NCMEC known database.

See also: Dithering, The Talk Show.

Update (2022-10-10): See also: Hacker News, Ben Thompson, Nick Heer.

Too Secure

Manton Reece:

I continue to think that my devices are now too secure. Face ID shouldn’t freak out multiple times a day, requiring a pin. Safari shouldn’t scrap cookies every week, requiring needless extra web sign-ins. Any security beyond unlocking my Mac is usually unnecessary friction.

I think there’s something to this. There is often a tradeoff between security and convenience, so it’s important to find the right balance and to limit the annoying stuff to where it actually helps a lot.

Face ID requires my passcode multiple times per day, which tempts me to choose one that’s less secure. Safari is more annoying than other browsers because the “Remember me” checkbox on so many sites doesn’t work. Apple’s sites seemingly always require logging in. My old iMessages are nearly impossible to access, and cannot be directly downloaded, ostensibly because they are end-to-end encrypted. Yet, in practice, that’s a mirage, so it feels like Apple has more access to them than I do. Transparency Consent and Control (TCC) seemed like a reasonable idea but remains failure-prone and confusing—as if the thinking was that making it smoother would be less secure. And, of course, the App Store provides—at great cost—arguably much more the appearance of security than actual security.


Update (2022-08-29): Nick Heer:

I agree with Reece’s diagnosis of the problem, but not its cause. If someone is logged into a user account on a Mac, everything in the keychain is probably unlocked and available to them as well. And if they have text message forwarding enabled on their iPhone, an SMS-based two-factor code will appear in Message. Despite what is basically security theatre, I need to reauthenticate several times weekly on websites and in applications I use all the time.